A few days ago security a database containing 5 million alleged Google login and password has been leaked online on a Russian cyber security internet forum. Google immediately started its investigation and discovered that huge archive of Gmail credentials didn’t come from the security data breaches, rather the accounts’ data had been stolen by phishing attacks and other illegal practices, including social engineering attacks and malware based attacks.
Recently it has been discovered a malware which infected hundreds of thousands of computers worldwide with the purpose to syphon users’ data. The malware based attack allowed bad actors to steal social and banking site credentials.
A Greek security researcher discovered a new strain of malware spread via spam email infecting rapidly a huge number of machines. The expert detected the malware while it was attacking his corporate honeypot and conducted technical analyses posting its results on a blog post. The malware appears as a combination of software AutoIT (Automate day-to-day tasks on computers) and a commercial Keylogger named “Limitless Keylogger”. The researchers highlighted the use of Limitless Keylogger to intercept every keystrokes users press and send them back to the attackers via email, meanwhile AutoIT was adopted in order to evade detection by Antivirus programs.
The use of Keylogger confirms the intention of attackers into users’ credentials for most popular web services, including Email accounts, Social Media accounts and Online Bank accounts.
The researcher explained that malware is sent as mail attachment with a customized icon.
“The mail attachment, contained this file. An executable with a custom icon. After a fast static analysis, it is recognised to be a WinRAR SFX executable with some dummy comments.” states the researcher.
The researcher discovered that originally the AutoIT Script size is 331MB, but once “deobfuscate” it appears as a tiny malicious code with only 55 kb in size.
The threat actor dedicated great attention to evasion technique, he implemented several functionalities to keep hidden malware and its activities.
The Greek researcher has analyzed the network traffic produced by the malware, in particular, he sniffed SMTP data, discovering that information collected from the keylogger was sent to a specific email, “ontherun4sales@yandex.ru”.
The researcher speculated that a group of Indonesian hackers is behind the spam campaign and the cyber criminals are targeting popular companies from different industries.
The researcher closes the post with an interesting observation … it seems that cyber criminals forgot their keylogger logs in public!
“If we de-base64 the traffic send by the Limitless Logger via mail, and search the pattern in google, you can find some interesting things..
“
(Security Affairs – AutoIT malware, cybercrime)
Fintech firm Figure confirmed a data breach after hackers used social engineering to trick an…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and…
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL…
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial…
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code…
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations.…
This website uses cookies.
